Google Cloud SSH Keys using OS Login
Step-01: Introduction
- Metadata-managed SSH Connections
  - Automatically Configured at Project Level: Temporarily grant a user access to an instance (so far we are using this one)
  - Manually Managing SSH Keys in Metadata: Generate SSH keys and upload to Project Metadata
  - Instance-Level Public SSH Keys
- OS Login-managed SSH connections (Google Recommended)
- In this section, we are going to focus on SSH Keys using OS Login
Step-02: Enable OS Login at Project Level
- Go to Compute Engine -> Metadata -> Edit
- Click on Add item
- Add the following
  - key: enable-oslogin
  - value: TRUE
- Click on SAVE
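A check to run after this step, as an added example that is not part of the original tutorial: an instance-level `enable-oslogin` value overrides the project-level one, so this script lists the VMs where OS Login is still not in effect. The JSON samples are constructed and shaped like the output of `gcloud compute project-info describe --format=json` and `gcloud compute instances list --format=json`; `metadata_map` and `audit` are hypothetical helper names.

```python
import json

# Constructed sample, shaped like `gcloud compute project-info describe --format=json`.
PROJECT_JSON = '''{"commonInstanceMetadata": {"items": [
  {"key": "enable-oslogin", "value": "TRUE"}]}}'''

# Constructed sample, shaped like `gcloud compute instances list --format=json`.
INSTANCES_JSON = '''[
  {"name": "vm1", "metadata": {"items": []}},
  {"name": "vm2", "metadata": {"items": [
      {"key": "enable-oslogin", "value": "FALSE"},
      {"key": "ssh-keys", "value": "alice:ssh-ed25519 AAAA-constructed alice"}]}},
  {"name": "vm3", "metadata": {}}
]'''


def metadata_map(metadata):
    """Flatten the API's [{"key": ..., "value": ...}] list into a dict."""
    return {i["key"]: i.get("value", "") for i in (metadata or {}).get("items", [])}


def audit(project_json, instances_json):
    """Return (vm_name, reason) for every VM where OS Login is not in effect."""
    project_md = metadata_map(json.loads(project_json).get("commonInstanceMetadata"))
    findings = []
    for inst in json.loads(instances_json):
        inst_md = metadata_map(inst.get("metadata"))
        # An instance-level enable-oslogin value overrides the project-level one.
        if "enable-oslogin" in inst_md:
            value, source = inst_md["enable-oslogin"], "instance override"
        else:
            value, source = project_md.get("enable-oslogin", ""), "project setting"
        # Assumption of this sketch: only TRUE (the value this page sets) counts as enabled.
        if value.strip().upper() == "TRUE":
            continue
        reason = f"OS Login off ({source}, value={value!r})"
        if "ssh-keys" in inst_md or "ssh-keys" in project_md:
            reason += "; metadata SSH keys present"
        findings.append((inst["name"], reason))
    return findings


if __name__ == "__main__":
    for name, reason in audit(PROJECT_JSON, INSTANCES_JSON):
        print(f"{name}: {reason}")
```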
Step-03: Connect to VM Instance using SSH
- Go to Compute Engine -> VM Instances -> vm1 -> SSH -> Open in new browser window
- Primary Difference
  - Username Format: username_domain_com (the complete email address of the user, including the domain)
Step-04: Connect to VM Instance using Cloud Shell gcloud ssh command
- Go to Compute Engine -> VM Instances -> vm1 -> SSH -> View gcloud command
Step-05: Conclusion
- We will be able to connect via gcloud
- We will be able to connect via SSH Browser
- We cannot connect via third-party tools such as PuTTY or the ssh command from a local desktop terminal.
- In the next demo we will see how to connect using third-party tools with OS Login enabled.
Step-06: Roles to VM Users Admin and Non-Admin
- IAM Roles
  - We can control whether a user connecting to a VM Instance has admin or non-admin access inside the VM.
  - roles/compute.osLogin, which doesn't grant administrator permissions
  - roles/compute.osAdminLogin, which grants administrator permissions
Step-07: Discuss Additional Roles
- Service Accounts
- External Users (roles/compute.osLoginExternalUser)
Step-08: Discuss about Revoking Access
Additional References